[ https://issues.apache.org/jira/browse/HADOOP-19079?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17835744#comment-17835744 ]
ASF GitHub Bot commented on HADOOP-19079: ----------------------------------------- steveloughran commented on code in PR #6557: URL: https://github.com/apache/hadoop/pull/6557#discussion_r1559479255 ########## hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/test/LambdaTestUtils.java: ########## @@ -823,6 +922,19 @@ public static <E extends Throwable> E verifyCause( } } + private static String toString(Collection<String> strings) { Review Comment: java8 has a couple of ways to do this; StringJoiner or Collections: https://www.baeldung.com/java-list-comma-separated-string > check that class that is loaded is really an exception > ------------------------------------------------------ > > Key: HADOOP-19079 > URL: https://issues.apache.org/jira/browse/HADOOP-19079 > Project: Hadoop Common > Issue Type: Task > Components: common, security > Reporter: PJ Fanning > Priority: Major > Labels: pull-request-available > > It can be dangerous taking class names as inputs from HTTP messages even if > we control the source. Issue is in HttpExceptionUtils in hadoop-common > (validateResponse method). > I can provide a PR that will highlight the issue. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org